M1r1
Reputation: 207
Define anotation at runtime
I have this method in my application and I want to authorize to execute this method only users which have permssions 1,2 in a specific organization. I have overriden method hasPermission to check based on userid and organizationId if he has 1,2 permission in database but I cannot pass a variable organisationId in @PreAuthorize annotation.
@GetMapping(value="api/v1/oroganisation/{organisationId}")
@PreAuthorize("hasPermission('organisationId','[1,2]')")
public String hello(){
return "Hello";
}
Upvotes: 1
Views: 41
Answers (1)
Andy Brown
Reputation: 12999
Inject the organisationId into your hello() method as a method argument using a @PathVariable attribute. You can then refer to organisationId in your @PreAuthorize expression by prefixing it with a # character, i.e. #organisationId.
Please see the documentation section 15.3.1 for full details.
Upvotes: 1
Related Questions
- How to enable secured-annotations with Java based configuration?
- Spring Conditional Annotation Operator
- Custom annotation with spring security
- Using custom method security annotation in spring security
- Java annotation based Spring security config
- How to configure spring-security with annotations (no xml)?
- Inject properties via annotation
- Spring Security Method Security Annotations
- Secured annotations in spring security
- How to create security anotation like spring security